Understand Stanford’s Risk Classifications
Stanford uses a three-tier classification model (Low Risk, Moderate Risk, and High Risk) for categorizing data and systems by risk level. Understanding these classifications and how they apply to you is the first step in protecting yourself and Stanford.
Recognize phishing and other social engineering attacks
Most often motivated by financial gain, hackers frequently employ social engineering techniques to gain unauthorized access to data and accounts via email (“phishing”), text messaging (“smishing”), phone (“vishing”), or online services such as social networking.
To avoid becoming a victim, never provide personal information in response to an unsolicited email, phone, text message or letter, even if it appears to be from a friend or colleague. If unsure, contact the purported senders using information from their official website, as opposed to information provided in the unsolicited communication.
You can protect yourself and Stanford by learning to recognize a phishing email and reporting any suspicious email to spam@stanford.edu.
Phishing Awareness Program
The phishing awareness program periodically sends an email to each participant that resembles a phishing message. It’s designed to create a safe, educational environment for a recipient to practice phishing email identification with no penalty to them, or their department, if a link is clicked. Individual results will never be reported.
Keep your software up-to-date
New vulnerabilities in operating systems, web browsers, and other software are discovered daily. Updating software frequently prevents these vulnerabilities from being exploited.
BigFix is a broadly used service at Stanford that helps keep your laptop or desktop computer up-to-date. If unsure whether BigFix is already installed or needs to be installed on your machine, contact your local IT support team.
Back up your devices
Backing up your files protects your data against ransomware, accidental loss, and system failures. CrashPlan is Stanford’s recommended backup and recovery service for laptops and desktops. If unsure whether CrashPlan is already installed or needs to be installed on your machine, contact your local IT support team.
Encrypt your devices
Encryption protects your personal information and Stanford’s data to prevent unauthorized access in the event that the device is lost or stolen. The MyDevices website tracks your registered devices and their compliance statuses. The encryption guide walks you through the process of encrypting your devices.
Protect against malicious software
To protect against malicious software, install Stanford’s recommended antivirus software on your computer. If unsure whether an antivirus software is already installed or needs to be installed on your machine, contact your local IT support team.
Use approved Stanford services
The Risk Classifications website lists approved Stanford services corresponding to each risk level. Consult with your IT support team before using services that are not listed.
To get started using Stanford supported software, visit University IT’s Essential Stanford Software website.
Use a password manager
It is a best practice to use unique and strong passwords for each of your online accounts. Password managers facilitate the generation and secure storage of passwords. They also save you time and trouble by requiring you to remember only one master password to access the password manager.
Use secure email
When sending sensitive information (especially High Risk Data) via email, add “Secure:” to the subject line, even when sending within Stanford. “Secure:” ensures that the message is sent securely to prevent unauthorized access. For sharing protected health information (PHI), use the Stanford Medicine Box.
Report lost or stolen devices
If one of the devices used for your Stanford work (whether personally or Stanford owned) has been lost or stolen, report the incident to the University Privacy Office.
